In an attempt to expand Public Key Infrastructure (PKI) usage to a ubiquitous and mobile computing environment, we found that the deployment of the PKI on a resource constrained device leads to user-obstructive latency or an additional circuitry for the operations. To alleviate these limitations, we propose a new PKI-based authentication protocol and security infrastructure, PKASSO, which is enhanced with the single sign-on and delegation technology that is used especially for mobile devices with restricted computing power. The PKASSO offloads complex PKI operations from the mobile devices to the infrastructure so as to keep the hardware and software complexity of the devices as low as possible. In addition, even though a conventional delegation mechanism cannot support a non-repudiation mechanism against malicious user behavior, the PKASSO can provide such a mechanism by devising a referee server that, on the one hand, generates binding information between a device and authentication messages and, on the other hand, retains the information in its local storage for future accusation. We present the detailed design and performance evaluation of the PKASSO, and offer a protocol analysis in terms of user authentication latency and the completeness of the protocol.